Expert Advice Community

Guest

Audit of an application hosted on a private cloud virtual server

  Quote
Guest
Guest user Created:   Aug 10, 2022 Last commented:   Aug 10, 2022

Audit of an application hosted on a private cloud virtual server

How would you perform an Audit of an application hosted on a private cloud virtual server?

0 0

Assign topic to the user

ISO 22301 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 22301 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Aug 10, 2022

The general approach to performing an audit is:

  • define dates, criteria (i.e., the security requirements that need to be evaluated), and audit scope (i.e., the application to be evaluated).
  • develop checklists to help you not forget something during the audit (i.e., what needs to be verified to evaluate if the security requirements are being met).
  • evaluate the application. At this point, the most common methods are: Inquiry personnel (e.g., users, developers, administrators, etc.); Observation of the application being used; Examination or Inspection of Evidence (e.g., records of previous processing, system logs, etc.); Re-performance (i.e., repeating previous processing to evaluate its results); and use of tools to perform Computer-Assisted Audit Techniques (CAAT).
  • elaborate on the audit report which will include the non-compliances and other findings

Considering a cloud environment, you need to clarify the responsibilities for each asset, so you can properly identify who needs to be audited about which asset.

For example, in an IaaS cloud model, the cloud provider is responsible only for the physical structure, while in a PaaS model, the cloud provider is also responsible for the development environment used by application developers, and in a SaaS environment, the cloud provider is also responsible for the applications.

These articles will provide you a further explanation about preparing an audit:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Aug 10, 2022

Aug 10, 2022

Suggested Topics

Ash Created:   Jan 21, 2024 ISO 27001 & 22301
Replies: 1
0 1

ISO 27001 Internal Audits

Guest user Created:   Oct 31, 2023 ISO 27001 & 22301
Replies: 1
0 0

Audit report